Lucene search
K

16 matches found

OSV
OSV
added 2024/03/06 11:6 a.m.23 views

BIT-NODE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS6.4AI score0.23132EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.29 views

CentOS 9 : libuv-1.42.0-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libuv-1.42.0-1.el9 build changelog. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer ...

5.3CVSS7.1AI score0.23132EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2024/02/08 12:39 p.m.67 views

CVE-2024-24806

A server-side request forgery SSRF flaw was found in the libuv package due to how the hostnameascii variable is handled in uvgetaddrinfo and uvidnatoascii. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access...

7.3CVSS7.2AI score0.02003EPSS
Exploits1References5
Veracode
Veracode
added 2024/02/08 8:37 a.m.24 views

Server-Side Request Forgery (SSRF)

libuv.so is vulnerable to Server-Side Request Forgery SSRF. The vulnerability arises due to how the hostnameascii variable with a length of 256 bytes is handled in uvgetaddrinfo and subsequently in uvidnatoascii. When the hostname exceeds 256 characters, it gets truncated without a terminating nu...

7.3CVSS7AI score0.02003EPSS
Exploits1References11Affected Software3
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.37 views

GLSA-202401-23 : libuv: Buffer Overread

The remote host is affected by the vulnerability described in GLSA-202401-23 libuv: Buffer Overread - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether...

5.3CVSS7.1AI score0.23132EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.20 views

Rocky Linux 8 : libuv (RLSA-2021:3075)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3075 advisory. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read an...

5.3CVSS7.1AI score0.23132EPSS
Exploits1References3
OSV
OSV
added 2021/08/10 12:0 p.m.21 views

ALSA-2021:3075 Low: libuv security update

libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: out-of-bounds read in uvidnatoascii can lead to information disclosures or crashes CVE-2021-22918 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.3CVSS6.8AI score0.23132EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/08/10 12:0 a.m.42 views

RHEL 8 : libuv (RHSA-2021:3075)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3075 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: out-of-bounds read in uvidnatoascii can lead to...

5.3CVSS7.2AI score0.23132EPSS
Exploits1References5
ArchLinux
ArchLinux
added 2021/07/20 12:0 a.m.141 views

[ASA-202107-36] libuv: information disclosure

Arch Linux Security Advisory ASA-202107-36 ========================================== Severity: Medium Date : 2021-07-20 CVE-ID : CVE-2021-22918 Package : libuv Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2131 Summary ======= The package libuv before versi...

5.3CVSS0.2AI score0.23132EPSS
Exploits1References9
BDU FSTEC
BDU FSTEC
added 2021/07/20 12:0 a.m.6 views

The vulnerability of the uv__idna_toascii() function on the Node.js software platform, which allows a hacker to trigger a service failure or gain unauthorized access to protected information.

The vulnerability of the uvidnatoascii function on the Node.js platform is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures or gain unauthorized access to protected information...

8.2CVSS7AI score0.23132EPSS
Exploits1References12Affected Software11
OSV
OSV
added 2021/07/12 11:15 a.m.30 views

CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS6.4AI score
Exploits0References5
Prion
Prion
added 2021/07/12 11:15 a.m.19 views

Out-of-bounds

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5CVSS6AI score0.23132EPSS
Exploits1References5Affected Software2
Cvelist
Cvelist
added 2021/07/12 12:0 a.m.27 views

CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

6.5AI score0.23132EPSS
Exploits1References5
CVE
CVE
added 2021/07/12 12:0 a.m.420 views

CVE-2021-22918

CVE-2021-22918 affects Node.js releases prior to 16.4.1, 14.17.2 and 12.22.2 due to an out-of-bounds read in libuv’s uv__idna_toascii() used during DNS lookups. The flaw allows information disclosure or crashes when a crafted domain is processed via uv_getaddrinfo(). The root cause is reading bey...

5.3CVSS6.3AI score0.23132EPSS
Exploits1References5Affected Software1
AlpineLinux
AlpineLinux
added 2021/07/12 12:0 a.m.39 views

CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS6.7AI score0.23132EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2021/07/02 12:0 a.m.25 views

CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS6.8AI score0.23132EPSS
Exploits1References3
Rows per page
Query Builder